DETAILED ACTION

1. Claims 1-40 are pending. 

Information Disclosure Statement 

2. The IDS submitted on 8/19/03 has been considered. An initialed copy is 
enclosed. 

Claim Objections 

3. Claim 22 is objected to because of the following informalities: replace 
"connecting to an authorization module using a second password I order to" with 
"connecting to an authorization module using a second password in order to." 
Appropriate correction is required. 

Claim Rejections - 35 USC § 101 

4. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of 
matter, or any new and useful improvement thereof, may obtain a patent therefor, subject to the 
conditions and requirements of this title. 

5. Claims 1-14 and 35-37 are not limited to tangible embodiments. In view of 
Applicant's disclosure, specification page 10, paragraph 30, the medium is not limited to 
tangible embodiments (e.g., a module may be implemented as a hardware circuit) and 
intangible embodiments (e.g. a module may be implemented in software). As such, the
claim is not limited to statutory subject matter and is therefore non-statutory. 

Claim Rejections - 35 USC § 102 

6. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

7. Claims 1, 3-5, 8, 10, 11, 22, 24-26, 29, 31, 32, 35 and 38, are rejected under 35 
U.S.C. 102(b) as being anticipated by Krajewski, Jr. et al. USPN 5,590,199. (hereinafter 
Krajewski) 

8. As per claim 1, Krajewski discloses an apparatus for authorizing remote access 
to a target system, the apparatus comprising: 

a. a security module configured to selectively generate an encrypted key in 
response to a first password and establish a remote communication connection 
between a remote system and a target system in response to a third password; 
(col. 6:1-5 and lines 10-18) and 

b. an authorization module configured to decrypt the encrypted key and 
determine the third password in response to authenticating a second password 
and identifying a user within an authorized user list. (6:5-10)

9. As per claim 3, Krajewski further discloses the third password is operable for only
a selected period of time. Col. 5:16-19. 

10. As per claim 4, Krajewski further discloses the authorization module is configured 
to communicate with a remote user connected over a secure communication link with 
the authorization module, and the authorization module is physically remote from the 
security module. Col. 5:14-24; figs. 5-7, Kerberos server. 

11. As per claim 5, Krajewski further discloses a remote user is conditionally added 
to the authorized user list upon completion of a remote application process. Col. 5:40-45.

12. As per claims 8, 10 and 11, the rejections of claims 1 and 3-5 under 35 USC
102(b) as being anticipated by Krajewski is incorporated herein. In addition, Krajewski 
further discloses a login module configured to establish communications with a remote 
user in response to a personal password; (5:66) a confirmation module configured to 
determine whether the remote user is identified within an authorized user list (col. 5:66-6:5);
a decryption module configured to decrypt an encrypted key provided by the
remote user in response to identification of the remote user within the authorized user 
list, the encrypted key sent to the remote user by a target system in response to an 
access level password (6:1-5); a password module configured to derive a temporary 
password from a decrypted version of the encrypted key. (col. 6:6-10) The
aforementioned cover the limitations of claims 8, 10 and 11.

13. As per claims 22 and 24-26, the rejections of claims 1 and 3-5 under 35 USC 
102(b) as being anticipated by Krajewski is incorporated herein. In addition, Krajewski 
further discloses a method for authorized remote access to a target system, comprising 
retrieving an encrypted key from a target system accessed by way of a first password 
(col. 5:64-6:5); connecting to an authorization module using a second password in order 
to retrieve a third password associated with the encrypted key, the authorization module 
selectively decrypting the encrypted key in response to determining that a remote user 
is identified within an authorized user list (6:5-10); and logging into the target system 
using the third password. (6:11-18) The aforementioned cover the limitations of claims 
22 and 24-26. 

14. As per claims 29, 31 and 32, the rejections of claims 1 and 3-5 under 35 USC 
102(b) as being anticipated by Krajewski is incorporated herein. In addition, Krajewski 
further discloses a method for authorized remote access to a target system, comprising 
sending an encrypted key to a remote system in response to authenticating a remote 
user using a first password (col. 5:64-6:5); connecting the remote user in response to 
the user entering a third password associated with the encrypted key, the third 
password provided to the remote user logged into an authorization module using a 
second password, the authorization module selectively decrypted the encrypted key in 
response to determining that the remote user is identified within an authorized user list.
(6:5-18) The aforementioned cover the limitations of claims 29, 31 and 32. 

15. As per claim 35, it is a claim corresponding to claim 22, and it does not teach or 
define above the information claimed in claim 22. Therefore, claim 35 is rejected as 
being anticipated by Krajewski for the same reasons set forth in the rejection of claim 
22. 

16. As per claim 38, it is a claim corresponding to claim 22, and it does not teach or 
define above the information claimed in claim 22. Therefore, claim 38 is rejected as 
being anticipated by Krajewski for the same reasons set forth in the rejection of claim 
22. 

Claim Rejections - 35 USC § 103 

17. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

18. Claim 2, 7, 9, 14-18, 20, 21, 23, 28, 30, 34, 36, 37, 39 and 40 are rejected under 
35 USC 103(a) as being unpatentable over Krajewski.

19. As per claim 2, the rejection of claim 1 under 35 USC 102(b) as being anticipated
by Krajewski is incorporated herein. Although Krajewski does not expressly disclose 
the first password determines a set of commands available to the remote user logged 
into the target system, wherein the commands organized according to a plurality of 
hierarchical access levels, Kerberos authentication is conventionally utilized as a means 
to authenticate users into an open, distributed environment based on UNIX and/or 
Windows OS platforms. Moreover, in such environments a given logged-in user is 
restricted to a set of commands organized according to a plurality of hierarchical access 
levels based on the user's access level (a guest or default user has the lowest access 
level and an administrator or root user has the highest access level). Examiner takes 
Official notice of this teaching. Therefore, it would be obvious to one of ordinary skill in 
the art at the time the invention was made for the first password to determine a set of 
commands available to the remote user logged into the target system, the commands 
organized according to a plurality of hierarchical access levels. One would be 
motivated to do so to enable a secure authentication service on an open distributed 
environment. The aforementioned cover the limitations of claim 2. 

20. As per claim 7, the rejection of claim 1 under 35 USC 102(b) as being anticipated 
by Krajewski is incorporated herein. Although Krajewski does not expressly disclose 
the security module and authorization module comprising a log module configured to log 
actions of the remote user communicating with the target system and the authorization
module, it is notoriously well known in the art to combine an apparatus, which controls
access to a service, with a logger that writes to a log file the actions by a remote user to
log into a system. For example, UNIX monitors and maintains information regarding 
login actions of a remote user communicating with the OS. This facility enables audits 
to determine if an unscrupulous user is attempting to access the system. Therefore, it 
would be obvious to one of ordinary skill in the art at the time the invention was made 
for the security module and authorization module to comprise a log module configured 
to log actions of the remote user communicating with the target system and the 
authorization module to increase security by creating a paper trail for future audits on 
users access to a system as known to one of ordinary skill in the art. The 
aforementioned cover the limitations of claim 7. 

21. As per claim 9, it is a claim corresponding to claims 2 and 8, and it does not
teach or define above the information claimed in claims 2 and 8. Therefore, claim 9 is 
rejected as being unpatentable over Krajewski for the same reasons set forth in the 
rejections of claims 2 and 8. 

22. As per claim 14, it is a claim corresponding to claims 7 and 8, and it does not 
teach or define above the information claimed in claims 7 and 8. Therefore, claim 14 is 
rejected as being unpatentable over Krajewski for the same reasons set forth in the 
rejections of claims 7 and 8.

23. As per claims 15-18, the rejections of claims 1-5 are incorporated herein.
Krajewski does not disclose the authorization module is an authorization server. 
However, it is well known in the art to utilize a server to perform the functionality of the 
authorization module of Krajewski as outlined in the claim 1 rejection above. For 
example in traditional Kerberos authentication (v. 4), when a client is authenticated by 
an authentication service, a ticket is communicated to the client, which includes an 
encrypted key value that can only be decrypted by a ticket-granting server. The client 
then communicates the encrypted key value as well as an authenticator to the
ticket-granting server, whereby the ticket-granting server decrypts the encrypted key and
returns a ticket to the client including a validating ticket. The client then uses the 
validating ticket to access the service. Examiner takes Official Notice of this teaching. 
It would be obvious to one of ordinary skill in the art at the time the invention was made 
for the authorization module to be an authorization server. One would be motivated to 
do so to enable secure authentication by a centralized server in a manner consistent 
with a proven authentication scheme such as Kerberos. The aforementioned cover the 
limitations of claims 15-18. 

24. As per claim 20, it is a claim corresponding to claims 7 and 15, and it does not 
teach or define above the information claimed in claims 7 and 15. Therefore, claim 20 
is rejected as being unpatentable over Krajewski for the same reasons set forth in the 
rejections of claims 7 and 15.

25. As per claim 21, the rejection of claim 15 under 35 USC 103(a) as being
unpatentable over Krajewski is incorporated herein. In addition, Krajewski discloses the 
target system comprises a data storage system. Col. 5:1-13; 6:15-17. 

26. As per claim 23, it is a claim corresponding to claims 2 and 22, and it does not 
teach or define above the information claimed in claims 2 and 22. Therefore, claim 23 
is rejected as being unpatentable over Krajewski for the same reasons set forth in the 
rejections of claims 2 and 22. 

27. As per claim 28, it is a claim corresponding to claims 7 and 22, and it does not 
teach or define above the information claimed in claims 7 and 22. Therefore, claim 28 
is rejected as being unpatentable over Krajewski for the same reasons set forth in the 
rejections of claims 7 and 22. 

28. As per claim 30, it is a claim corresponding to claims 2 and 29, and it does not 
teach or define above the information claimed in claims 2 and 29. Therefore, claim 30 
is rejected as being unpatentable over Krajewski for the same reasons set forth in the 
rejections of claims 2 and 29. 

29. As per claim 34, it is a claim corresponding to claims 7 and 29, and it does not 
teach or define above the information claimed in claims 7 and 29. Therefore, claim 34 
is rejected as being unpatentable over Krajewski for the same reasons set forth in the
rejections of claims 7 and 29. 

30. As per claim 36, it is a claim corresponding to claims 2 and 35, and it does not 
teach or define above the information claimed in claims 2 and 35. Therefore, claim 36 
is rejected as being unpatentable over Krajewski for the same reasons set forth in the 
rejections of claims 2 and 35. 

31. As per claim 37, it is a claim corresponding to claims 7 and 35, and it does not
teach or define above the information claimed in claims 7 and 35. Therefore, claim 37 
is rejected as being unpatentable over Krajewski for the same reasons set forth in the 
rejections of claims 7 and 35. 

32. As per claim 39, it is a claim corresponding to claims 2 and 38, and it does not 
teach or define above the information claimed in claims 2 and 38. Therefore, claim 39 
is rejected as being unpatentable over Krajewski for the same reasons set forth in the 
rejections of claims 2 and 38. 

33. As per claim 40, it is a claim corresponding to claims 7 and 38, and it does not 
teach or define above the information claimed in claims 7 and 38. Therefore, claim 40 
is rejected as being unpatentable over Krajewski for the same reasons set forth in the 
rejections of claims 7 and 38.

34. Claims 6, 13, 19, 27 and 33 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Krajewski in view of Dauerer et al. USPN 5,627,967. (hereinafter 
Dauerer) 

35. As per claim 6, the rejection of claim 1 under 35 USC 102(b) as being anticipated 
by Krajewski is incorporated herein. Krajewski does not disclose the apparatus further 
comprising an updated module configured to compare the authorized user list to a 
master list of personnel potentially authorized for remote access to the target system 
and to selectively remove remote users from the authorized user list not found on the 
master list. Dauerer discloses an access controller wherein a master list stores a list of 
authorized users, and changes by an administrator to a master list are promulgated to 
local access lists. Col. 5:16-6:25; 8:32-38. It would be obvious to one of ordinary skill in 
the art at the time the invention was made to modify the invention of Krajewski such that 
the apparatus further comprises an updated module configured to compare the 
authorized user list to a master list of personnel potentially authorized for remote access 
to the target system and to selectively remove remote users from the authorized user 
list not found on the master list. One would be motivated to do so to provide a control 
arrangement that will automatically monitor and update all lists of authorized users. 
Dauerer, 3:1-4. The aforementioned cover the limitations of claim 6.

36. As per claim 13, it is a claim corresponding to claims 6 and 8, and it does not
teach or define above the information claimed in claims 6 and 8. Therefore, claim 13 is 
rejected as being unpatentable over Krajewski and Dauerer for the same reasons set 
forth in the rejections of claims 6 and 8. 

37. As per claim 19, it is a claim corresponding to claims 6 and 15, and it does not 
teach or define above the information claimed in claims 6 and 15. Therefore, claim 19 
is rejected as being unpatentable over Krajewski and Dauerer for the same reasons set 
forth in the rejections of claims 6 and 15. 

38. As per claim 27, it is a claim corresponding to claims 6 and 22, and it does not 
teach or define above the information claimed in claims 6 and 22. Therefore, claim 27 
is rejected as being unpatentable over Krajewski and Dauerer for the same reasons set 
forth in the rejections of claims 6 and 22. 

39. As per claim 33, it is a claim corresponding to claims 6 and 29, and it does not 
teach or define above the information claimed in claims 6 and 29. Therefore, claim 33 
is rejected as being unpatentable over Krajewski and Dauerer for the same reasons set
forth in the rejections of claims 6 and 29. 

40. Claim 12 is rejected under 35 USC 103(a) as being unpatentable over Krajewski 
in view of Jain et al. USPN 7,089,265 (hereinafter Jain).

41. As per claim 12, the rejection of claim 8 under 35 USC 102(b) as being
anticipated by Krajewski is incorporated herein. Krajewski discloses an authorized 
remote user is conditionally added to the authorized user list upon completion of a 
remote application process (col. 5:40-45), but does not disclose adding the remote user 
to the authorized user list in response to approval from at least two supervisors. 
Modification of system status in response to approval of at least two supervisors is a 
well-known technique in the art. For example, Jain discloses only allowing data objects 
in a database to be modified pending approval by two supervisors. Col. 11:38-56. It
would be obvious to one of ordinary skill in the art at the time the invention was made to 
modify the invention of Krajewski such that the remote user is added to the authorized 
user list in response to approval from at least two supervisors. One would be motivated 
to do so to ensure more stringent oversight over who are allowed access to the system. 
The aforementioned cover the limitations of claim 12. 

Communications Inquiry 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Jung W. Kim whose telephone number is 571-272-3804. 
The examiner can normally be reached on M-F 9:00-5:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gilberto Barron can be reached on 571-272-3799. The fax phone number 
for the organization where this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free).

February 23, 2007




